package com.yueqian.controller;

import com.yueqian.domain.Role;
import com.yueqian.domain.UserInfo;
import com.yueqian.service.IUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.parameters.P;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;

import javax.annotation.security.RolesAllowed;
import java.util.List;

@Controller
@RequestMapping("user")
public class UsersController {

    @Autowired
    private IUserService userService;

    @RequestMapping("findAll.do")
    public ModelAndView findAll() throws Exception {
        //调用服务层的方法
        List<UserInfo> userInfos = userService.findAll();
        ModelAndView mav = new ModelAndView();
        mav.addObject("userList", userInfos);
        mav.setViewName("user-list");
        return mav;
    }

    @RequestMapping("save.do")
    public String save(UserInfo userInfo) throws Exception {
        //调用服务层
        userService.save(userInfo);
        //重定向到查询功能
        return "redirect:findAll.do";
    }

    @RequestMapping("findById.do")
//    @RolesAllowed({"ADMIN"})
/*    //authentication.principal可以取出登录成功认证后的用户信息,该用户信息中没有用户id,只有用户名称,所有下面的注解不可以
      @PreAuthorize("#id == authentication.principal.userId")
*/
    //authentication.principal可以取出用户名所以一下表达式可以
//     @PreAuthorize("'admin'.equals(authentication.principal.username)")
//     @PreAuthorize("'zhangsan'.equals(authentication.principal.username)")
//     @PreAuthorize("'6E02FBF0433A42ABA32BF830FD34322C'.equals(#uid)")
//     @PreAuthorize("authentication.principal.username.equals('zhangsan')")  //SPEL:spring的el表达式(expressions)
/*
    //登录用户是admin,或者具有USER角色的用户可以访问,其他的不可以访问
     @PreAuthorize("'admin'.equals(authentication.principal.username) or hasAuthority('USER')")
*/
/*    //具有ADMIN角色的用户可以访问该方法
    @PreAuthorize("hasRole('ADMIN')")*/
/*
    //具有ADMIN角色的用户可以访问该方法
    @PreAuthorize("hasRole('ROLE_USER')") //具有ROLE_USER角色可以访问该方法
*/
/*    //具有ADMIN角色或者USER角色的用户可以访问该方法
    @PreAuthorize("hasAnyRole('ROLE_USER','ROLE_ADMIN')")*/
    //具有ADMIN角色的用户可以访问该方法
    @Secured({"ROLE_ADMIN"})
    public ModelAndView findById(@P("uid") String id) throws Exception {

        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String name = authentication.getName();

        Object principal = authentication
                .getPrincipal();
        User user = (User) principal;
        String username = user.getUsername();
        System.out.println("======" + username + "---" + name);
        UserInfo userInfo = userService.findById(id);
        ModelAndView mav = new ModelAndView();
        mav.setViewName("user-show");
        mav.addObject("user", userInfo);
        return mav;
    }


    /*
    根据用户id查询该用户没有关联的角色的集合
     */
    @RequestMapping("findUserAndNoRole.do")
    public ModelAndView findUserAndNoRole(String id) throws Exception {
        List<Role> roleList = userService.findUserAndNoRole(id);
        ModelAndView mav = new ModelAndView();
        mav.setViewName("user-role-add");
        mav.addObject("roleList", roleList);
        mav.addObject("userId", id);
        return mav;
    }

    /*
    给用户添加角色,操作中间表
     */
    @RequestMapping("addRoleToUser.do")
    public String addRoleToUser(String userId, String[] ids) throws Exception {
        userService.addRoleToUser(userId, ids);
        return "redirect:findAll.do";
    }

}
